pjo
The SSL implementation only seems to verify the validity of a certificate, but does not match the CN in the certificate to the site name.
Example:
if I create a bogus CA , and with it certify a well known site (e.g. ftp.xxxxxxxx.com) and then make a phishing site (ftp.xxxxyxxx.com), smartftp will not complain that the site does not match the certificate.
Pjo
Example:
if I create a bogus CA , and with it certify a well known site (e.g. ftp.xxxxxxxx.com) and then make a phishing site (ftp.xxxxyxxx.com), smartftp will not complain that the site does not match the certificate.
Pjo